Redeploying Kubernetes master server

Goal: redeploy the Kubernetes master node without redeploying the worker nodes, while keeping the same x509 certificates and all the Kubernetes configuration. No client/consumer action is required; this is solely a server-side operation.

The following has been tested in a single-master Kubernetes deployment scenario (deployed with kubeadm).

If you have tested this in a multi-master node deployment, please share your observations.

With a single master server, the impact should be minimal as long as internal DNS is not actively used, since it will be the only unavailable service (along with the Kubernetes API itself, of course).

Backup Kubernetes PKI

The x509 certificates in the /etc/kubernetes/pki directory are created when the Kubernetes cluster is built and are maintained so that they will not expire. These certificates are mainly used for identification and authorization, and also for securing the connections between core services such as the kubelets and etcd.

The Kubernetes CA certificate contains the DNS names and IP addresses of the Kubernetes master server(s). The same is valid for the etcd CA certificate, except that the DNS names and IPs are those of the server(s) running the etcd cluster.

While it is possible to regenerate the x509 certificate, sign everything related to it again and distribute it across your environment, it is better not to go that way and instead reuse the internal IP that the previous k8s-master instance used.
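A pre-flight check for the point above, as an added example that is not part of the original article: it confirms that a certificate from the backed-up /etc/kubernetes/pki directory lists the IP address the new master will use. The function names, the script name, and the sample certificate text with its addresses are constructed for illustration; the parsing assumes the `openssl x509 -noout -text` output format.

```shell
#!/bin/sh
# Added example (not from the article): check that a certificate lists the IP
# address the redeployed master will use among its Subject Alternative Names.
# Usage (script name is hypothetical): sh check_san.sh <cert.pem> <ip>

# Constructed sample of `openssl x509 -noout -text` output, not a real cluster.
SAMPLE_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:k8s-master, DNS:kubernetes, DNS:kubernetes.default, IP Address:10.96.0.1, IP Address:172.16.0.10'

# Read certificate text on stdin; print one SAN per line as "DNS <name>" or "IP <addr>".
san_entries() {
    awk '
        /X509v3 Subject Alternative Name/ { grab = 1; next }
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                e = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", e)
                if (e ~ /^DNS:/) print "DNS " substr(e, 5)
                else if (e ~ /^IP Address:/) print "IP " substr(e, 12)
            }
            exit
        }'
}

# Succeed only on an exact match, so 172.16.0.1 does not match 172.16.0.10.
san_has_ip() {
    san_entries | grep -Fxq "IP $1"
}

# Same check against a PEM file on disk (requires the openssl CLI).
cert_has_ip() {
    openssl x509 -in "$1" -noout -text | san_has_ip "$2"
}

if [ "$#" -eq 2 ]; then
    if cert_has_ip "$1" "$2"; then
        echo "OK: $2 is listed in $1"
    else
        echo "MISSING: $2 is not a SAN of $1; clients verifying this IP will reject it" >&2
        exit 1
    fi
else
    # No arguments: show the parsed entries of the constructed sample.
    printf '%s\n' "$SAMPLE_TEXT" | san_entries
fi
```

Run it against the backed-up certificates before switching the new instance over; a non-zero exit means the chosen IP is not covered by that certificate.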

To set the previous IP address to your new instance, use the following commands: